HowardForums is a discussion board dedicated to mobile phones with over 1,000,000 members and growing!

For your convenience HowardForums is divided into 7 main sections; marketplace, phone manufacturers, carriers, smartphones/PDAs, general phone discussion, buy sell trade and general discussions. Just scroll down to see them!

Only registered members may post questions, contact other members or search our database of over 8 million posts. Why don't you join us today!

A recent update to my Amazfit Bip added an option for wrist-based payments with Alipay. Here in Canada the Chinese m-commerce giant is becoming an increasingly common option at the payment terminals that I see.

520 million registered users as of May, 2018;
150 million active monthly mobile users as of May, 2018;
100 million active daily users as of December, 2016;
175 million daily transactions as of August, 2016;
42.3 billion total transactions as of December, 2014;
$519 billion USD in total payments as of May, 2014.

Being the self-professed tap-and-pay geek that I am, I looked into hooking myself up with an Alipay account. According to this site you need the following to register for an account:

A valid passport;
a Chinese phone number;
a Chinese bank account.

Despite not having the second or third thing I went ahead and downloaded the official Alipay Android app from Google Play. I entered a junk Canadian passport number (same combination of letters and numbers) and was able to verify my Canadian mobile number, but could not enter my Canadian VISA card as a method of payment. So much for mobile first.

I then tried to get an account via my desktop PC. Clicking on the global Alipay site redirected me to AliExpress; I signed up for an account there, and adding a payment card seemed to give me an Alipay account. BUT... when I went back to the app and used my credentials to log in I was told that my account "did not exist".

I've looked a bit further into the Alipay account created on my PC and discovered that it's actually registered to a Alipay's Singapore operation. On the Play Store there's a separate app specific to Hong Kong, but nothing for Singapore. Even if there was I likely wouldn't be able to register my Canadian credit card on it. So yeah, the last two days I've spent on this have basically been for nothing. Hopefully this post will prevent someone out there from wasting their time as well.

Not a sponsored post, just a new in-house app from my other favourite Android site.

Navigation Gestures by XDA does what it says on the tin, bringing iPhone X-style gestures to almost any Android phone or tablet. In fact, the only devices that it won't work with are those running the latest beta of Android P. No big deal, really, as Google already has its own navigation gestures for that.

As you can see in the screen grab above, the app replaces the standard navigation buttons with a single bar or "pill". The configurable actions in the initial release include the following:

The app doesn't require root access to run, but to use it without root you'll need to grant some additional permissions via adb on your desktop PC. Somewhat paradoxically, the type of user most familiar with adb commands would likely be the one who's already rooted their device.

And finally, a word of caution: if you decide that you're not a fan of gesture navigation after all make sure to disable gestures before uninstalling the app!

Support for other older Android Wear watches is on the way—including the Texas Instruments-powered first-gen Moto 360. Sadly, a large swath of the current Wear OS ecosystem will never get AsteroidOS; their lack of charging pins prevent hardware probing, testing and support.

I'm calling AsteroidOS a custom ROM because flashing it is a procedure akin to putting something like LineageOS on an Android phone: first you unlock your watch's bootloader with the same fastboot oem unlock command, then you use adb to flash a new bootloader and the AsteroidOS image. If you're not ready to commit you can also use fastboot to boot into the image temporarily, just like on Android.

You won't need to flash a gapps package, but you will need a phone app to connect your new watch OS to your Android phone. It's called AsteroidOS Sync (makes sense) and can be found on F-Droid right here.

If you end up trying it out please report back and let us know what you think!

To be fair, I don't think that my current carrier (Virgin Mobile) is even participating. I did receive an alert about the alert from Rogers, as did my neighbour on Freedom Mobile. It doesn't look like I missed much, however; by all accounts the first big tests of Alert Ready, Canada's new wireless alerting system, were a big fail.

In Québec a typo prevented the test from being executed properly, which isn't exactly encouraging. One thing I didn't know about Alert Ready is that it's run by Pelmorex, who own and operate Météomédia and The Weather Network. If you have either of these apps installed on your phone then you should receive any emergency alert through that, even if your phone isn't Alert Ready-ready.

In Ontario it quickly became apparent just how many phones aren't yet compatible with the technology; in my girlfriend's office exactly one phone received the test alert. My advice? Install The Weather Network app on your phone. Better to risk duplicate alerts than to get none at all.

If you need it, carrier-specific information about Alert Ready is available for Bell, Rogers and Telus.

If you were curious about Paytm, specifically the Canadian offering from the Indian m-commerce giant, here are my observations after using it for almost a year. Spoiler alert: I uninstalled it from my phone yesterday.

I first came to understand Paytm as a competitor to Plastiq, a service that lets you use your credit card to pay bills that typically don't accept credit cards—mortgage payments, car insurance, that sort of thing. That's no longer a fair fight, as VISA card payments have been suspended from the Paytm platform. You can, however, connect your chequing account and use it to pay your credit card bills. For this you are rewarded with Paytm points, one point per dollar up to a maximum of a thousand points per payment.

So what can you redeem this points for? This is where things start to unravel...

Here's a screen grab of a popular reward on Paytm. If you're confused, what's actually being offered here is $4 cash back if you purchase a $100 Amazon gift card and redeem 1,000 points. The $4 goes into your Paytm balance, which can then be applied against your next transaction. In this way Paytm keeps you perpetually locked into using the service.

And for credit card payments the service isn't great. Paytm seems to need an extra 5 business days to process that specific type of transaction, so you'll have to remember to pay at least a week earlier than usual. It might be worth the hassle for better rewards; even one or two percent cash back would be fantastic on a transaction where you'd otherwise get nothing. But using the same example above I could extract more value out of that same gift card by buying it with an AMEX Cobalt at a supermarket.

If you use a MasterCard and/or need to send money to someone in India, Paytm is worth looking in to. For me, though, the numbers just don't add up.

An article I saw on XDA recently got me pretty excited; apparently a new beta of the popular chat platform WhatsApp includes data portability, in order to comply with the European Union's General Data Privacy Regulation (GDPR) coming into effect later this month. From within the app users can request an archive of their personal data, which will be made available for download in about a day or so.

There's just one problem: actual messages from this messaging platform aren't included in the archive.

The GDPR is crystal clear on data portability. Here's an excerpt from a PDF on the matter:

The data subject shall have the right to receive the personal data concerning him or
her, which he or she has provided to a controller, in a structured, commonly used and
machine-readable format and have the right to transmit those data to another
controller without hindrance from the controller to which the data have been provided [...]

I would say that messages most certainly fall under the definition of personal data. The privacy part gets a bit tricky here; in order to be useful a messaging archive would also have to include the messages of other users. But WhatsApp already has a function to export specific message threads via email, so they might as well make your entire message database exportable by other means.

And to be perfectly clear, this current data portability solution is only being tested in a beta of the app. Hopefully the release version will be fully compliant when the GDPR goes into effect on May 25th.

If you needed another reason to be angry at your Android device maker, here it is. According to a new feature in WIRED some OEMs have been flat-out lying about their security patches. The table above is a summary of missing patches found in Android builds across thirteen manufactures. Google and Samsung, as one would hope, are fairly honest; on the other end is TCL and ZTE, each with more than four patches missing from their "updated" devices.

For the past two years the German security firm SRL have been reverse-engineering software on hundreds on Android phones, investigating what they call "patch gap". The research will be presented today at a conference in Amsterdam.

With so many Android hardware makers there's no single reason for missing security patches. Sometimes it's an honest mistake and, to quote someone from SRL, sometimes not so much:

"Sometimes these guys just change the date without installing any patches. Probably for marketing reasons, they just set the patch level to almost an arbitrary date, whatever looks best."

Whenever a security firm presents bad news like this there's often a solution being peddled to address it. And sure enough, SRL has SnoopStitch, which runs a local test on your device and supposedly informs you of any missing patches. I tried it on my OnePlus phone but the results were inconclusive, possibly because I'm on a beta channel of the software for that device.

There's already mounting evidence that we've reached peak smartphone growth—see Exhibit A here and Exhibit B here; now we have our first indication that smartphone app growth has also peaked. The analytics company appfigures makes its case in this chart:

According to their research, the number of titles in Apple's App Store declined for the first time in 2017. So how do you explain the continuing growth of Google's Android equivalent? Well, there's a chart for that, too:

As most Android users already know, the majority of apps are developed for iOS first, then ported to Android later. So while the number of titles published in Google Play saw continued growth last year, a similar contraction is likely to occur at some point.

What does all this mean? Less apps, obviously, but hopefully better ones.

You may have heard that the latest update to Instagram will remove its companion app for WatchOS. If you read the same 9to5Mac story that I did then you'll also know that Amazon, eBay, Google Maps, Slack and Whole Foods have already abandoned the Apple Watch.

And it's not a big deal. At least, I don't think so.

There are two reasons why this is happening. The first is pragmatic—in the case of Instagram, continued support for WatchOS would require a rewrite of the software using a newer SDK. Instagram likely decided that it wouldn't be worth the effort, which brings us to reason number two: Just because you're wearing a small computer on your wrist doesn't mean it should be used like a computer on your wrist. I can't see how swiping through tiny thumbnails of your Instagram feed would be in any way better than using a full-sized iPhone. And using a watch to make an Amazon purchase or to put an item up for auction on eBay sounds like a terrible experience.

Presumably users will still get notifications for these abandoned apps through WatchOS itself. I personally don't see this as any kind of crisis—rather the opposite, a healthy culling of the herd. After all, not every app on your phone needs to be duplicated on your wrist.

Just before Easter weekend Under Armour, Inc. announced that user data from its MyFitnessPal service had been compromised. Sometime in February an unauthorized party acquired data associated with some 150 million user accounts. The stolen data includes user names, email addresses and hashed passwords, but thankfully does not include payment card data.

This breach is especially troubling for a number of reasons. One is, of course, the number of users affected by it. Another cause for concern is that Under Armour doesn't seem to know how the data was stolen. Finally, MyFitnessPal is a bit unique in that it acts as an aggregator for other fitness apps and tracking devices associated with them. So it's conceivable that a user's location history, tied to their email address, might also have been compromised.

Under Armour is urging users to change their passwords—on MyFitnessPal as well as any other accounts that use the same email/password combination—and to be especially wary of any suspicious emails seeking to harvest even more personal information.

As Ars Technica reports, in the wake of the Cambridge Analytica scandal a Facebook user in New Zealand decided to download and inspect their personal data archive. This person was shocked to find about two years' worth of phone call metadata, where no explicit access to that data was granted. Ars has confirmed that this personal information, along with metadata for SMS and MMS, is showing up in the archives for other Facebook users as well. The information includes names, phone numbers plus times and lengths of phone calls.

You may have guessed that this is all about app permissions, and you'd be right. Since Android Marshmallow (v6.0) app permissions have been opt-in—meaning that before the Facebook app can help itself to your contact list you have to explicitly allow it via a pop-up toggle. Before Marshmallow the only means of granular control for such permissions were (as I recall) Privacy Guard for CyanogenMod and LBE Privacy Guard for MIUI. Even worse, granting Facebook access to your contacts in Android Jelly Bean (v4.1) and earlier automatically gave the app access to your call and message logs as well.

Even if you had one of the aforementioned privacy guards in place, or if you never used the Facebook app at all, it's still very possible that your personal information was harvested from the device of someone you know. So whether you use it or not, Facebook very likely knows exactly who you are.

What we're looking at here is my first-ever encounter with Bitmoji, attached to a text message sent from my sister-in-law, in answer to the question: "When are you and the kids free for lunch?"

A few minutes later after my cringing had subsided, I started to wonder if my sis had paid some fledgling artist to design a bunch of custom avatars for her. In addition to being a full-time mom she runs a seasonal business on the side, and could easily write off such an expense as necessary for her "brand". But I couldn't have been more wrong.

Bitmoji, it seems, is only new to me. Born of Bitstrips, a Toronto-based startup bent on democratizing the means of production for comic strips, Bitmoji itself began as a spin-off that very quickly eclipsed its forebear in downloads and actual use. Snap, Inc. acquired all of the company's assets in 2016; soon afterwards the comic strip creator was shut down, but Bitmoji remained as a standalone app for Android and iOS.

Based on my own knee-jerk reaction I don't think I'm Bitmoji's target market; in fact, soon after my first encounter with one I was Googling results for "Bitmoji sucks". Curiously, one of the top results was this very complimentary article in Slate:

90 percent of Bitmoji sharing happens in private spaces—text messages, email, group chats. A pair of texting partners can mirror the exact facial expression back at one another, their lips turning up to form the same wry smile, their cheeks blushing a matching hue [...] It’s difficult to express unabashed excitement, genuine affection, or emotional vulnerability in the presence of another human being. Why not let cartoon you do it instead?

In investigating the phenomenon further I found that a close friend had an entire gallery of Bitmoji, sent to him daily by his elderly mother. Each of them was a small variation on the general theme of "I love you"—in a phone call the incessant repetition of that same message over and over again would surely make one's eyes roll, but I have to admit that abstracted into a customized emoji it was kind of sweet. Or perhaps it was that my friend had saved them all.

Anyway, my own research would suggest that Bitmoji can be enjoyed (or ridiculed) by all, but seems to be mostly sent from moms. Agree/disagree?

It's been almost a week since Google officially rebranded Android Wear to Wear OS, and tech blogs are unimpressed. Today I'll highlight two recent editorials on the subject, one with helpful but misguided suggestions for Google, and the other with some shade-throwing that, quite by accident, pretty much nails what I believe to be Mountain View's master plan.

AC's editorial has two recommendations for Google: overhaul Google Fit and make a Pixel watch.

While it's probably true that Google Fit is somewhat lacking for the hardcore fitness enthusiast, the article conveniently ignores the existence of third-party apps like Endomondo, Runkeeper, Strava and many more—all of which work with Wear OS. Google Fit is perfectly fine for the fitness dilettante, like myself.

As for a Pixel watch, that would be almost certainly be a gift from the heavens for Pixel zealots, and of no consequence to the wider addressable audience for wearables. Remember that Nokia-powered Android phones, barely available in North America, outsold their Pixel counterparts last year. Would a Pixel-branded smartwatch do any better? I don't see how.

Gizmodo's anti-Ware OS screed spends a lot of time looking down its nose at Fossil Group and other traditional watch OEMs:

Almost all of the big Android Wear device makers such as Motorola, LG, and Asus have given up on the platform, leaving Android Wear in the hands of fashion brands that neither have the vision nor the technological know-how to advance smartwatch tech.

Well, there's certainly one thing that fashion brands know how to do: design a timepiece that doesn't look like a gadget. Looks are entirely subjective, of course, but put any of the aforementioned Asus, LG or Motorola smartwatches beside anything from a traditional watchmaker and you can immediately see which one was designed by an electronics company.

I've said this before and I'll say it here again: the future of Wear OS is under the hood of a Casio, Fossil, TAG Heuer or whatever your favourite watch brand happens to be. For the present, it arms these watchmakers with an alternative to the Apple Watch; for the future, it gives every watch-wearer to ability to see notifications on their wrist. The Wear OS rebranding is ultimately just marketing, and that's fine with me. It's a less-geeky way to pitch the tech under that pretty watchface.

webOS, Palm, Inc.'s prescient gesture-based smartphone operating system that made its way to an HP tablet and on to an untold number of LG smart TVs, has been open-sourced. For the second time. The first open source edition came from HP itself back in 2011, and according to Wikipedia went nowhere fast. Cut to 2018 and LG, the current custodian of webOS, has just announced an open source edition of their own. Hopefully this community build has received an update or two since the last one.

My own personal skepticism aside, the world can always use more open source software, so I honestly don't see this as bad news. But why webOS specifically, and why now? Here's the killer quote from LG's CTO:

“webOS has come a long way [...] and is now a mature and stable platform ready to move beyond TVs.”

... And potentially led her into another one. But we'll get to that later.

"Beautiful prison" is how The Verge's Nilay Patel describes Apple's iMessage. It's fairly accurate; for iPhone users Apple's default messaging app is as robust and feature-rich as any other platform—so much so that there's little reason to look beyond it. Even worse, those poor unenlightened souls who choose Android are treated as second-class citizens on iOS.

Don't believe me? Consider my 18 year-old niece, as loyal to Apple as any other first world millennial, who has on at least one occasion condescendingly referred to her uncle as a "green text".

She's currently taking her gap year in southeast Asia, and recently finished her first leg in Japan. While in Tokyo and Kyoto we stayed in touch via SMS—her uncle has been to that part of the world more than once, after all—but lost contact when she got a local SIM card; her iMessage seamlessly switched to a data connection but me, the green text, got locked out.

And then something unexpected happened: she texted me from Taipei and asked if we could keep in touch using some other messaging platform. Now I hardly think of myself as the most interesting man in the world, but you cannot deny that it's a pretty big deal for a teenage Apple fangirl to step outside the protective cocoon of iMessage just to keep in touch with little ol' me.

Unfortunately I seem to have led her straight into another proprietary messaging silo, otherwise known as WhatsApp. Despite being another walled garden I think it's the solution that makes the most sense for her current situation; in fact, all the 21st century digital nomads that I know depend on it for communications across borders and carriers. So I'm taking this one as a victory, if only for getting an iPhone user to see value in something outside the confines of Apple's beautiful prison.

I suspect that hardcore music enthusiasts who use Android will have already chosen their music streaming service; for anyone else thinking about which one is worth paying for, here's a summary of my own experiences with three popular apps.

Amazon Music
If you have Amazon Prime then you've also got Amazon Prime Music, the ad-free version of their streaming service. Their music catalogue seems fine, and the Android app can also cast to Android TV. Unfortunately their web player requires Flash, which tends to slow down my already taxed Chrome browser.

Google Play Music
If you want PC playback of your streaming music then Google is your obvious choice, with a web player that's optimized for Chrome and an Android app that effortlessly casts to Android TV. And if you wanted an ad-free YouTube experience then the paid version of Google Play Music would also be the obvious choice, as a subscription also includes YouTube Red. Unfortunately that perk is not yet available to those of us living in Canada.

Nonetheless, I took a 30-day free trial of Google Play Music, in the hopes that YouTube Red would one day make its way here. That would have been the end of the story, but my girlfriend suggested that I try out some other services before committing to GPM. That turned out to be some excellent advice.

Spotify
With some 70 million registered users Spotify is far and away the world's most popular music streaming service. They also offer a 30-day free trial, so I signed up with the intention of doing some A/B testing between Spotify and Google Play Music, and see if I could stump either one with a random music request.

The track that tipped the scales in favour of Spotify was this very random Japanese single that showed up in the girlfriend's YouTube feed. I'm guessing that it translates to The Futon Song...?

I found out via email yesterday that I was one of the 815,000 Canadian Uber users (along with some 57 million Americans) whose personal data was compromised. Here's an excerpt from the email I received:

In November 2016, Uber became aware that two individuals outside the company had accessed certain user data stored with a third-party service [...] The files that were accessed contained user information that we used to operate our services, and for nearly all users this included name, email address, and mobile phone number used on your account before 2016. Our outside forensics experts have seen no indication that trip location history, dates of birth, or payment information were accessed or downloaded.

Personally I'd have preferred to have my credit card number leaked rather than my email address and phone number, for the simple reason that my bank has much stronger protections in place against fraud than either my email provider or wireless carrier. Maybe that's just me.

What really stinks about this whole mess is that Uber didn't even want to notify affected Canadians at all. Mobile Syrup reports that the ride-sharing company was ultimately compelled to do so because of a February 28th ruling by the Alberta Privacy Commissioner. Uber plans to appeal that ruling, but there is a separate investigation being conducted by the Office of the Privacy Commissioner of Canada.

I don't expect every Uber user reading this to have the luxury of being able to delete their account; as a driver or passenger you might depend on the service. Fortunately I don't, but more importantly I no longer trust this company with my personal data.

With their users' credit cards already on file via the Google Play Store and Google Pay app, it only makes sense for the engineers in Mountain View to add peer-to-peer payment functionality to Android as well. But instead of doing this through a dedicated portal, they've chosen to implement this feature directly into the OS, through their own first-party software.

Using Google Pay, like PayPal , PayTM, or any other smartphone-based payments app of course requires that both the sender and recipient are registered users of the specific app in question. And while I can appreciate the convenience of these apps for sending money to family and friends overseas, for P2P payments within my own country I'm almost certainly going to go with an email transfer directly from my bank.

Based on my previous research I had thought that the project was to be a replacement for Pebble OS, the operating system on Pebble hardware. This never really made sense to me; full ROMs for each Pebble model are freely available for download, and it seems to me that what Pebblers are going to be missing most when Fitbit shuts down the Pebble servers this summer are the services that they currently provide to users—voice dictation and weather complications are the two that immediately spring to mind.

What Rebble is actually planning is a complete end-to-end solution, including an app and watch face store, a phone app for Android and iOS and (eventually) a new operating system for the watch. Here's the TL;DR from their blog post:

We will be providing replacements for almost all Pebble services;
Most things will work just fine when you switch to the Rebble servers;
We will have a Patreon page for you to donate to keep the services running;
We will require that you pledge around a couple of dollars a month for weather and dictation. All other services will remain free;
Fitbit are our friends.

You can read the finer details of Rebble's grand plan at the first link below, and the ensuing discussion from the Pebble reddit community at the second. Comments posted there so far suggest that Pebblers are happy to pay for continuing access to voice dictation and weather; if Rebble can get everything up and running in time then that June 30th deadline might not turn out to be such a big deal after all.

There is a new entry in the navigation menu of the Facebook app for smartphones and tablets; clicking through on "Protect" will redirect to a listing for an app called Onavo Protect—which, at first glance, appears to be a VPN client. Except that it's not. Rather than protecting your data from third parties the app will phone home to Facebook and report on what you're doing on your device... whether you're currently using the Facebook app or not.

To provide this layer of protection, Onavo uses a VPN to establish a secure connection to direct all of your network communications through Onavo’s servers. As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.

As TechCrunch reports, the Onavo app has already been used to spy on SnapChat users, and to copy that platform's popular features for Instagram, its Facebook-owned competitor.

Clawing back at least some of your privacy is as easy as uninstalling Onavo Protect—or better yet, never installing it in the first place.

Wow, that’s really not any better than Verizon or T-Mobile. It’s small cell time! Idk why nobody has deployed any around there yet. Last time I checked building permits for Orland it was just permits...